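#!/bin/bash
#
# Build a three-level demo PKI (root CA -> intermediate CA -> server
# certificate) with a quantum-safe signature algorithm, then start an OpenSSL
# TLS 1.3 test server that presents the server certificate.
#
# Usage:    <script> <algorithm>     (name is matched case-insensitively)
# Requires: ./root.cnf, ./intermediate.cnf, certificate-authority-options.conf
#           and openssl.cnf in the current directory.
#           NOTE(review): the algorithm names and the kyber768 group presumably
#           need an OpenSSL build with a post-quantum provider loaded - confirm.
# Output:   <algorithm>_CA.*, <algorithm>_intCA.*, <algorithm>_server.* and
#           <algorithm>_certchain.pem, written to the current directory.
#
# Every private key is written unencrypted (-nodes). That is acceptable for a
# lab setup only; keep the output directory private and never reuse these keys.

# Abort on the first failing step so the server is never started on top of a
# half-built or unverified certificate chain.
set -euo pipefail

# List of supported quantum-safe algorithms
readonly SUPPORTED_ALGOS="dilithium2 dilithium3 dilithium5 falcon512 falcon1024 sphincssha2128fsimple sphincssha2128ssimple sphincssha2192fsimple sphincssha2192ssimple sphincssha2256fsimple sphincssha2256ssimple sphincsshake128fsimple sphincsshake128ssimple sphincsshake192fsimple sphincsshake192ssimple sphincsshake256fsimple sphincsshake256ssimple"

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message text
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage text to stderr.
#######################################
usage() {
  printf 'Usage: %s <algorithm>\n' "${0##*/}" >&2
  printf 'Supported algorithms: %s\n' "$SUPPORTED_ALGOS" >&2
}

#######################################
# Check if the input algorithm is one of the whitespace-separated words of a
# list.
# Arguments: $1 - list, $2 - algorithm name
# Returns:   0 if the list includes the item, 1 otherwise
#######################################
list_include_item() {
  local list=$1
  local item=$2

  # An empty name, or one that contains whitespace, can never be a single list
  # entry. Without this guard a value such as "dilithium2 dilithium3" matches
  # two adjacent entries and slips through the allowlist.
  if [[ -z "$item" || "$item" == *[[:space:]]* ]]; then
    return 1
  fi

  # The quoted "$item" is matched literally, not as a regular expression.
  [[ $list =~ (^|[[:space:]])"$item"($|[[:space:]]) ]]
}

#######################################
# Validate the requested algorithm, generate the PKI and run the test server.
# Arguments: $1 - algorithm name (any letter case)
#######################################
main() {
  if (( $# == 0 )); then
    usage
    exit 2
  fi

  command -v openssl >/dev/null || die "openssl not found in PATH"

  # Change input argument (algo name) to lowercase value
  local algo
  algo=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')

  # Stop here on an unknown name: nothing below may run with an unvalidated
  # value, because it is used both as an openssl argument and in file names.
  if ! list_include_item "$SUPPORTED_ALGOS" "$algo"; then
    die "Unknown signature - check again"
  fi

  local cfg
  for cfg in ./root.cnf ./intermediate.cnf certificate-authority-options.conf openssl.cnf; do
    [[ -r "$cfg" ]] || die "Missing config file: $cfg"
  done

  echo "Name of the signature: $algo"

  # Active flow (labelled "PRE SCOTTA" by the author).

  # 1. Self-signed root CA.
  openssl req -new -x509 -days 365 -newkey "$algo" \
    -keyout "${algo}_CA.key" -out "${algo}_CA.crt" \
    -nodes -config ./root.cnf

  # 2. Intermediate CA: key + CSR, signed by the root, then verified.
  openssl req -new -newkey "$algo" \
    -keyout "${algo}_intCA.key" -out "${algo}_intCA.csr" \
    -nodes -config ./intermediate.cnf
  openssl x509 -req -CAcreateserial -days 365 \
    -extfile certificate-authority-options.conf -extensions v3_intermediate_ca \
    -in "${algo}_intCA.csr" \
    -CA "${algo}_CA.crt" -CAkey "${algo}_CA.key" \
    -out "${algo}_intCA.crt"
  openssl verify -CAfile "${algo}_CA.crt" "${algo}_intCA.crt"

  # 3. Server certificate: key + CSR, signed by the intermediate, then
  #    verified against the root with the intermediate as untrusted helper.
  openssl req -new -newkey "$algo" \
    -keyout "${algo}_server.key" -out "${algo}_server.csr" \
    -nodes -subj "/CN=TiigerTLS server" -config openssl.cnf
  openssl x509 -req -in "${algo}_server.csr" \
    -CA "${algo}_intCA.crt" -CAkey "${algo}_intCA.key" \
    -set_serial 01 -days 365 \
    -out "${algo}_server.crt"
  openssl verify -CAfile "${algo}_CA.crt" \
    -untrusted "${algo}_intCA.crt" "${algo}_server.crt"

  # Leaf + intermediate bundle for consumers that expect a single chain file.
  cat "${algo}_server.crt" "${algo}_intCA.crt" > "${algo}_certchain.pem"

  # Alternative flat CA/client/server flow (labelled "PRE BPS" by the author),
  # kept disabled for reference.
  #openssl genpkey -algorithm $algo -out myCA.key
  #openssl req -x509 -config certificate-authority-options.conf -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
  #openssl genpkey -algorithm $algo -out client.key
  #openssl req -config options.conf -new -key client.key -out client.csr
  #openssl x509 -req -in client.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.pem -days 1825
  #openssl genpkey -algorithm $algo -out server.key
  #openssl req -config options.conf -new -key server.key -out server.csr
  #openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.pem -days 1825
  #openssl verify -CAfile ./myCA.pem ./client.pem
  #openssl verify -CAfile ./myCA.pem ./server.pem

  # 4. TLS 1.3 test server. It presents the server certificate and key that
  #    were just issued. The earlier version passed the root CA certificate
  #    and the root CA private key here, which put the trust anchor's key into
  #    the network-facing process and sent a chain that did not match the
  #    leaf. -cert_chain carries only the intermediate because -cert already
  #    supplies the leaf.
  openssl s_server \
    -cert "${algo}_server.crt" \
    -key "${algo}_server.key" \
    -cert_chain "${algo}_intCA.crt" \
    -www -tls1_3 -groups kyber768
}

main "$@"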